Risky Business Podcast

March 11, 2020

Risky Business #574 -- EARN IT Act targets crypto, Joshua Schulte to be retried on most serious charges

Presented by

Patrick Gray
Patrick Gray

CEO and Publisher

Adam Boileau
Adam Boileau

Technology Editor

On this week’s show Patrick and Adam discuss the week’s security news, including:

  • Two Exabeam engineers sick with Coronavirus following RSA attendance
  • Hung jury in Joshua Schulte Vault7 trial
  • Qihoo 360 tries to “pull an APT1” but it was just weird and awkward instead
  • Corellium releases Android for iPhone hardware toolkit
  • Much, much more.

This week’s sponsor interview is with Scott Kuffer of Nucleus Security. They have built a web application that pulls together feeds from all your vulnscanners and vulnerability-related software (Snyk, Burp, whatever), normalises it then lets you slice it, dice it, and send it through to the most relevant project owner/dev team. It’s insanely popular stuff, and Scott pops along this week to talk about vulnerability management and what his last year has looked like as Nucleus’s business has boomed.

Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing.

Risky Business #574 -- EARN IT Act targets crypto, Joshua Schulte to be retried on most serious charges
0:00 / 0:00

Show notes

Two People Who Attended Cyber Event Contract Coronavirus

The EARN IT Act Is a Sneak Attack on Encryption | WIRED

Vault 7 court case ends in mistrial on most serious charges

Energy Organizations Continue to be Compromised Globally | Dragos

Chinese security firm says CIA hacked Chinese targets for the past 11 years | ZDNet

Exclusive: This Hack Turns Apple’s iPhone Into An Android

Apple Just Demanded Santander And A $50 Billion US Intelligence Contractor Reveal How They Use iPhone Hacking Tech

NSO Group works to explain no-show in court for WhatsApp suit, plots defense

Facebook sues Namecheap to unmask hackers who registered malicious domains | ZDNet

Clearview AI Reports Breach of Customer List - VICE

Clearview AI, Facial Recognition Company That Works With Law Enforcement, Says Entire Client List Was Stolen

Apple has blocked Clearview AI’s iPhone app for violating its rules | TechCrunch

London Police Just Turned On Facial Recognition In One Of The World’s Busiest Shopping Districts

This Small Company Is Turning Utah Into a Surveillance Panopticon - VICE

Surveillance Firm Banjo Used a Secret Company and Fake Apps to Scrape Social Media - VICE

Defense contractor CPI knocked offline by ransomware attack | TechCrunch

Visser, a parts manufacturer for Tesla and SpaceX, confirms data breach | TechCrunch

Ryuk ransomware hits Fortune 500 company EMCOR | ZDNet

One of Roman Abramovich's companies got hit by ransomware | ZDNet

Legal services giant Epiq Global offline after ransomware attack | TechCrunch

Big health care analytics firm infected with ransomware

Croatia's largest petrol station chain impacted by cyber-attack | ZDNet

US Railroad Contractor Reports Data Breach After Ransomware Attack

DoppelPaymer Hacked Bretagne Télécom Using the Citrix ADC Flaw

Zyxel 0day Affects its Firewall Products, Too — Krebs on Security

The strange, unexplained journey of ToTok in Google Play fuels user suspicions | Ars Technica

Message to our ToTok community

Indictment names Group-IB executive in scheme to sell hacked data

Chrome 80 update cripples top cybercrime marketplace | ZDNet

Brave to generate random browser fingerprints to preserve user privacy | ZDNet

Firefox to enable DNS-over-HTTPS by default to US users | TechCrunch

Let’s Encrypt deploys new domain validation technology to mitigate BGP hijacking risks | The Daily Swig

Microsoft Exchange Server admins urged to treat crypto key flaw as ‘critical’ | The Daily Swig

Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu | ZDNet

Zoho zero-day published on Twitter | ZDNet

(12) Thijs Alkemade on Twitter: "Last week, I was thinking back about this discussion from @riskybusiness. I decided to have a look at how it works. While doing that, I found a vulnerability that could have been used to gain unauthorized access to an iCloud account. https://t.co/szfFBNWZmy" / Twitter

5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable | Ars Technica

Positive Technologies - learn and secure : Intel x86 Root of Trust: loss of trust

AMD processors from 2011 to 2019 vulnerable to two new attacks | ZDNet

Intel CPUs vulnerable to new LVI attacks | ZDNet

A Flaw in Billions of Wi-Fi Chips Let Attackers Decrypt Data | WIRED

Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys | WIRED

GadgetProbe: New tool simplifies the exploitation of Java deserialization vulnerabilities | The Daily Swig

FBI Warned Of Fraudster’s Paradise: Up To 130,000 Hacked Asus Routers On Sale For A Few Dollars

Porn, gore, and gambling habits aired in Virgin Media breach | Ars Technica

Hackers Were Inside Citrix for Five Months — Krebs on Security

The Case for Limiting Your Browser Extensions — Krebs on Security

Hackers are targeting other hackers by infecting their tools with malware | TechCrunch

Who's Hacking the Hackers: No Honor Among Thieves

Google could have fixed 2FA code-stealing flaw in Authenticator app years ago | ZDNet

New action to disrupt world’s largest online criminal network - Microsoft on the Issues

This Chinese Whale Lost $45 Million in Bitcoin and BCH Overnight: How it Happened